Hackers Find China Is Land of Opportunity

Image

A booth for a British company’s products at a law enforcement trade show in Beijing. Chinese companies there boasted of their ability to hack into and monitor computers and cellphones.CreditCreditGilles Sabrie for The New York Times

BEIJING — Name a target anywhere in China, an official at a state-owned company boasted recently, and his crack staff will break into that person’s computer, download the contents of the hard drive, record the keystrokes and monitor cellphone communications, too.

Pitches like that, from a salesman for Nanjing Xhunter Software, were not uncommon at a crowded trade show this month that brought together Chinese law enforcement officials and entrepreneurs eager to win government contracts for police equipment and services.

“We can physically locate anyone who spreads a rumor on the Internet,” said the salesman, whose company’s services include monitoring online postings and pinpointing who has been saying what about whom.

The culture of hacking in China is not confined to top-secret military compounds where hackers carry out orders to pilfer data from foreign governments and corporations. Hacking thrives across official, corporate and criminal worlds. Whether it is used to break into private networks, track online dissent back to its source or steal trade secrets, hacking is openly discussed and even promoted at trade shows, inside university classrooms and on Internet forums.

The Ministry of Education and Chinese universities, for instance, join companies in sponsoring hacking competitions that army talent scouts attend, though “the standards can be mediocre,” said a cybersecurity expert who works for a government institute and handed out awards at a 2010 competition.

Corporations employ freelance hackers to spy on competitors. In an interview, a former hacker confirmed recent official news reports that one of China’s largest makers of construction equipment had committed cyberespionage against a rival.

One force behind the spread of hacking is the government’s insistence on maintaining surveillance over anyone deemed suspicious. So local police departments contract with companies like Xhunter to monitor and suppress dissent, industry insiders say.

Ai Weiwei, the dissident artist, said he had received three messages from Google around 2009 saying his e-mail account had been compromised, an increasingly common occurrence in China among people deemed subversive. When the police detained him in 2011, he said, they seized 200 pieces of computer equipment and other electronic hardware.

“They’re so interested in computers,” Mr. Ai said. “Every time anyone is arrested or checked, the first thing they grab is the computer.”

There is criminal hacking, too. Keyboard jockeys break into online gaming programs and credit card databases to collect personal information. As in other countries, the police here have expressed growing concern.

Some hackers see crime as more lucrative than legitimate work, but opportunities for skilled hackers to earn generous salaries abound, given the growing number of cybersecurity companies providing network defense services to the government, state-owned enterprises and private companies.

“I have personally provided services to the People’s Liberation Army, the Ministry of Public Security and the Ministry of State Security,” said a prominent former hacker who used the alias V8 Brother for this interview because he feared scrutiny by foreign governments. He said he had done the work as a contractor and described it as defensive, but declined to give details.

And “if you are a government employee, there could be secret projects or secret missions,” the hacker said.

But government jobs are usually not well paying or prestigious, and most skilled hackers prefer working for security companies that have cyberdefense contracts, as V8 Brother does, he and others in the industry say.

Self-trained, the hacker teamed up with China’s patriotic “red hackers” more than a decade ago. Then he began working for cybersecurity companies and was recently making $100,000 a year, he said.

V8 Brother said this cyberworld was so arcane that senior Chinese officials did not know details about computer work at government agencies. “You can’t even explain to them what you’re doing,” he said. “It’s like explaining computer science to a construction worker.”

In Washington, officials criticize what they consider state-sponsored attacks. The officials say intrusions against foreign governments and businesses are growing, and the Pentagon this month accused the Chinese military of attacking American government computer systems and military contractors. The White House, which has ordered cyberattacks against Iran, has made cybersecurity a priority in talks with China. The Chinese Foreign Ministry says China opposes hacking attacks and is itself a victim.

The furor in Washington intensified in February after The New York Times and other news organizations published details of hacking efforts against their own networks and the findings of a new report by a cybersecurity company, Mandiant. The report said a shadowy group within the People’s Liberation Army, Unit 61398, ran a formidable hacking and espionage operation against foreign entities out of a building on the outskirts of Shanghai.

In China, the unit is just one part of the complex universe of hacking and cybersecurity. And the military units are not a well-kept secret. At least four former employees of Unit 61786, responsible for cryptography and information security, have posted résumés on job-search Web sites listing employment in the unit.

Another job seeker reported employment in Unit 61580; the unit has engineers specializing in “computer network defense and attack,” according to the Project 2049 Institute, a nongovernmental organization in Virginia that studies security and policy issues in Asia.

Members of Unit 61398, the bureau mentioned by Mandiant, have written several papers on hacking and cybersecurity with professors at Shanghai Jiaotong University, which has a prominent information security department. Across China, the universities labeled jiaotong — meaning communications — are taking the lead in building such departments. The military recruits at the universities and runs its own training center, the P.L.A. Information Engineering University, in the city of Zhengzhou.

But cybersecurity experts here say the schools often churn out students who know theory but lack practical skills. That could explain why many Chinese hacking attacks that have been discovered do not appear very sophisticated. American cybersecurity experts say attacks from Chinese groups often occur only from 9 to 5 Beijing time. And unlike, say, the Russians, Chinese hackers do not tend to cloak their movements, said Darien Kindlund, manager of the threat intelligence group for FireEye, a cybersecurity firm in Milpitas, Calif.

“They’re using the least amount of sophistication necessary to accomplish their mission,” Mr. Kindlund said. “They have a lot of manpower available, but not necessarily a lot of intelligent manpower to conduct these operations stealthily.”

The culture of hacking began in China in the late 1990s. The most famous underground group then was Green Army. One sign of how hacking has gone mainstream is the fact that the name of a later incarnation of Green Army — Lumeng — is now used by a top cybersecurity company in China. (Its English name is NSFOCUS.)

These companies are often started by prominent hackers or employ them to do network security. They have polished Web sites that list Chinese government agencies and companies as their clients. They also list foreign clients — at least one company, Knownsec, lists Microsoft — and have offices abroad.

The Web site of another company, Venustech, says its clients include more than 100 government offices, among them almost all the military commands. The company, which declined an interview request, has a hacking and cyberdefense research center.

Another former hacker said the monolithic notion of insidious, state-sponsored hacking now discussed in the West was absurd. The presence of the state throughout the economy means hackers often end up doing work for the government at some point, even if it is through something as small-scale as a contract with a local government office.

“I don’t think the West understands,” he said. “China’s government is so big. It’s almost impossible to not have any crossover with the government.”

Private corporations in China are employing hackers for industrial espionage, in operations that involve complex tiers of agents who hire the hackers. Sany Group, one of China’s biggest makers of construction equipment, hired hackers to spy on Zoomlion, a rival, according to official news media reports confirmed by the former hacker. Sany declined to comment.

That hacker said he knew the middleman agent who had hired cyberspies for Sany. The agent was a security engineer who owned two apartments in Beijing and had been under pressure to meet mortgage payments. “In China, everyone is struggling to feed themselves, so why should they consider values and those kinds of luxuries?” the former hacker said. “They work for one thing, and that’s for money.”